在 htaccess 中如何将用户从 http 重定向到 https 并再次返回
我正在尝试让登录页面重定向到 https,并将所有其他页面恢复为标准 http。当我将 /login 作为地址时,它显示为 /index.php?page=login 并且不显示在安全页面上。
有问题的 htaccess 代码如下:
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/login$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]
RewriteCond %{REQUEST_URI} !^/login$
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]
RewriteRule ^([a-zA-Z0-9_\-\(\)]+)[/]?$ /index.php?page=$1
I'm trying to get a login page to redirect to https and all other pages revert to standard http. When I have /login as the address, it shows up as /index.php?page=login and isn't displayed on a secure page.
The htaccess code in question is below :
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/login$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]
RewriteCond %{REQUEST_URI} !^/login$
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]
RewriteRule ^([a-zA-Z0-9_\-\(\)]+)[/]?$ /index.php?page=$1
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
最好在应用程序级别执行此操作,即直接将“登录”链接作为 HTTPS 链接发送。
从 HTTP 重定向到 HTTPS 的问题是客户端首先通过纯 HTTP 发出请求。在仅访问 HTTPS 初始页面的情况下,这不一定是问题,但如果您在透明重定向到 HTTPS 页面的 HTTP 请求中发送凭据,那么它们无论如何都会被泄露。
It's probably better to do this at the application level, that is, send the "login" link as an HTTPS link directly.
The problem with redirects from HTTP to HTTPS is that the client first makes the request over plain HTTP. In the case where it's only going to the HTTPS initial page, it's not necessarily a problem, but if you send the credentials in an HTTP request that's transparently redirected to an HTTPS page, they'll have been leaked anyway.